Best firewall gateway version of Linux ?

Richard Cottrill richard_c at tpg.com.au
Wed Jan 16 23:17:21 EST 2002


I'm pretty sure that all of the problems with Smoothwall that you've
mentioned no longer exist. I suspect the NBH syndrome.
You can:
 - SSH into your network from outside
 - Set up a tunnel between your network and someone else's (or vice versa)
 - I believe that endless logs are not a problem any more. Certainly my
anorexic hard disc (100MB) hasn't shown any signs of strain.

What I cannot do (and I don't believe there's a way to do this under
Linux of any flavour) is to set up an H.323 (VoIP) transparent NAT firewall.
The only module is for 2.2.x kernels (handy for Smoothwall/IPCop, but not so
much for the rest of the population) and that doesn't cover all of the h.323
spec (gatekeepers are notably absent - although actual calls happen).

Hints appreciated. Pointers to HOW-TOs for writing masquerading modules
likewise appreciated.

Richard

> -----Original Message-----
> From: linux-admin at lists.samba.org [mailto:linux-admin at lists.samba.org]On
> Behalf Of Alex Satrapa
> Sent: Tuesday, January 15, 2002 8:38 PM
> To: CLUG Mailing List
> Subject: Re: Best firewall gateway version of Linux ?
>
>
> On Tuesday, January 15, 2002, at 11:03 , Rasjid Wilcox wrote:
>
> > No-one really answered the 'some idea of the most common version' part
> > of your question.  However, I know that despite moves afoot from
> > Smoothwall to IPCop, a number of list members use Smoothwall.
>
> I think the implicit answer to that question was "neither Smoothwall nor
> IPCop".  Most people use the "roll your own" version!
>
> I have used SmoothWall GPL in the past, and what I found is that
> pre-packaged firewalls are great if you only want to do what the
> firewall was designed to let you do - ie: browse the web and read mail
> through web-mail sites, or using IMAP clients that connect to external
> servers.
>
> SmoothWall GPL at the time did not let you do things like:
>   - SSH into your network from outside
>   - Set up a tunnel between your network and someone else's (or vice versa)
>
> Then of course are the maintenance issues - the version of SmoothWall
> that I first used didn't use logrotate.  So the logs just grew and grew
> and grew until the hard drive filled up and my SmoothWall box silently
> failed to do anything.
>
> To present you the "PPP log", SmoothWall would parse the entire syslog
> looking for "pppd" entries.  The sensible thing to do would have been to
> generate the ppp log as events happen.  In Debian for example, you get
> the convenient /var/log/ppp.log.  No need to parse anything, and you
> even get logrotate thrown in to the deal ;)
>
> The only feature I liked about SmoothWall GPL was that it made it
> possible for my non-tech housemates to dial up to the internet by
> clicking a button on a web page.  Easy.  So I ripped out the scripts
> responsible and stuck them on a Debian box.
>
> Alex
>
>
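The dedicated, rotated PPP log that Alex describes, written out as an added example (not from the thread, nor from SmoothWall, IPCop or Debian themselves). It assumes sysklogd, pppd sending to the local2 facility (the old Debian convention, an assumption here) and the daemon's pid file at /var/run/syslogd.pid; the point for a gateway is that an unrotated log fills the disk and the box silently stops working.

```conf
# /etc/syslog.conf (excerpt)
# Assumption: pppd logs to the local2 facility (Debian's convention at the
# time); stock pppd uses the daemon facility instead, so adjust the selector.
# Routing pppd lines to their own file as they are written means nothing has
# to scan the whole syslog afterwards. The leading "-" skips fsync per line.
local2.*                        -/var/log/ppp.log

# /etc/logrotate.d/ppp
# Rotate the dedicated log so it can never grow until the disk is full.
/var/log/ppp.log {
    weekly
    rotate 4
    compress
    missingok
    notifempty
    postrotate
        # syslogd keeps the old file open; HUP makes it reopen the new one.
        # Pid file path is an assumption for sysklogd installs.
        kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
```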
